In 2016, Initial Coin Offerings (ICO’s)- essentially crowdfunding for cryptocurrencies- collected around $240 million. 2017 brought in over $5.5 billion in ICO’s. This exponential increase in value has caught the eyes of all institutional investors, along with inexperienced investors that saw cryptocurrencies as a ‘get rich quick’ opportunity.
As history has dictated, any ‘get rich quick’ opportunity attracts a wave of investors that are less knowledgeable and technically savvy than consistent investors – these investors are deemed, speculative investors. As more speculative investors invest in crypto-coins the price of them skyrocket up, thus, attracting even more newbie investors in a feedback loop. Criminals see these investors as easy targets from their inexperience.
They exploit these investors through a wide array of attacks. London based Elliptic- a company that focuses on tracking and preventing criminal activity on cryptocurrency blockchains- says they have seen a fivefold increase in phishing attacks since the start of the year. The most popular way criminals have been phishing investors is through Google Ads. Phishers would spoof a legitimate sounding website and exploit careless investors. For example, the ad would be for ‘blockchien.info’, rather than the respected ‘blockchain.info’ website. The careless investor would miss the typo and enter their credentials into a risky site, effectively losing their all their coins. However, Google caught onto this and recently banned all cryptocurrency advertisements. Since the ban phishers have moved to more
While phishing attacks are gaining traction, the grand prize for most hackers are exchanges. Attacking an exchange offers the largest returns and largest risk. In 2014, 650,000 Bitcoins were taken from Japanese exchange, Mt. Gox- at Bitcoin’s peak this would have approximately been worth USD $12 billion. There have been many more attacks since the Mt. Gox one, however, non-have been as lucrative. Since then many exchanges decided they want no responsibility for user’s funds and do not hold any, this eliminates the opportunity for attacks to steal from the exchange. Furthermore, many believe this shift away from holding funds is the main reason that phishing attacks have gained so much traction. Attackers are now going directly to the source of the funds rather than the exchange.
Secure Sense is the security provider that cares. We are a team of experts with a passion for IT and protecting your organization is what motivates us daily. If you have questions or want to learn more about how we can improve your organization’s security, our services or just want to chat security please give us a shout. If you’re looking to guest blog, please send an email here.